A French company, a European commitment

TEHTRIS solutions are entirely developed in France and hosted in Europe. Discover the values of excellence and innovation that drive our teams.

TEHTRIS EDR
Endpoint Detection & Response

Automatically detects and neutralizes known and unknown threats in real time.

The hyper-automated European EDR, since 2013.

Automatic remediation and neutralization of cyberattacks without human action.

TEHTRIS is recognized as a Representative Vendor in the 2021 Market Guide for Extended Detection and Response*

Augmented detection and response to attacks in real time: an automated, zero-click response.

TEHTRIS EDR is one of the pioneers and creators of the EDR wave of the future: one that aims to install thousands of EDR agents in less than 24 hours, that can detect stealthy espionage operations carried out with no weapon and no malware, that knows the techniques used by hackers and builds responses in advance… TEHTRIS EDR is a solution delivered in SaaS mode, through the cloud, with the aim of anticipating, preventing, detecting and reacting at the cybersecurity level.

Our EDR has been in production worldwide since 2013.

Why choose TEHTRIS EDR?

TEHTRIS EDR includes multiple detection engines capable of detecting the latest, most dangerous and advanced threats.

In Machine Learning or Deep Learning mode, low-level monitoring builds knowledge of normal behavior to better distinguish attackers, their tools and their methods, offering a significant competitive advantage over traditional or stealthy attackers.

TEHTRIS goes further than other solutions: in the absence of human operators, the active defense systems can be configured to respond autonomously 24/7, even to an unknown attack, following predetermined criteria and policies, from raising the alarm to immediate and automatic neutralization.

TEHTRIS EDR offers Automatic Kill and Last Click Termination for real-time remediation without human action.

Direct penalties are imposed on all attackers, who must accept the risk of losing their tools and of having their offensive methods stolen and recognized worldwide.

TEHTRIS EDR takes into account the many attacks that keep coming, with increasingly stealthy and sophisticated aggression, making effectiveness in the field an ever higher priority.

As a TEHTRIS brand, we also work with our customers and partners in open innovation processes, where we benefit from technical and organizational feedback in order to always provide the best possible service.

In 2013, TEHTRIS invented a cybersecurity engine called «DAS», drawing on more than 15 years of research in active digital security and giving birth to a disruptive HIPS-type agent, an Endpoint Detection and Response product, long before such products and their official names reached the market.

TEHTRIS EDR consumes only 1 to 3% of the CPU, 90 MB of RAM and 50 MB of disk space. The information sent to the XDR is about 10 MB/day.

TEHTRIS EDR is developed and hosted in France and in Europe, designed natively by our TEHTRIS developers (with no layering on top of pre-existing software).

Ethically designed from the outset with no backdoors, we guarantee the inviolability of the content of protected files, which we do not access.

Your protection, optimized by nature: Security & Ethics by design.

A unique feature for inspecting known vulnerabilities across your fleet, to reduce the exposure surface and support compliance policy. 9000 rules are included in the engine.

Detection of unprotected assets in your fleet

More than 20,000 EDRs deployable in less than 24 hours. Choose the deployment that suits you best: SaaS, On-Premise or Hybrid.

Integrated with TEHTRIS SOAR
(Security Orchestration And Response)

When it comes to cybersecurity, orchestrating events and reacting to threats effectively and quickly is a fundamental challenge. One of the best ways to do this is with powerful automation and artificial intelligence. This is what TEHTRIS offers with its SOAR integrated into the TEHTRIS XDR Platform.

The essential solution for your endpoints

For some thirty years, security was limited to a few elementary means, relatively simple but effective, to fight everything. Symbolically, we remember the summer of 2003 and the MSBlast worm, which infected millions of Microsoft operating systems. Three security habits were then adopted on Windows: updating the system, having a firewall and using an antivirus.

This model became the «dominant design» of cybersecurity: a firewall and a few tools at the perimeter, an antivirus and a few options inside. The Internet thus filled up with so-called «crunchy» networks, that is, «hard» on the shell (perimeter security) and «soft» inside, not to mention the interconnection of all systems: phones, connected objects, etc. There is now a technological debt in cybersecurity, and TEHTRIS solutions are designed precisely to fight and defend effectively.

Why combine your EPP with an EDR solution?

We believe in the convergence of EDR and EPP technologies, for a common and deliberate mission of protecting endpoints, with technical functions that combine. TEHTRIS is part of this transformation, offering its own EPP agent and recognizing the value of not multiplying technology layers.

Complement your EPP's detection capabilities with the power of TEHTRIS EDR. The EPP blocks known, identified signatures, while the EDR neutralizes new cyberattacks and malicious or unusual behavior. Instantly block all complex attacks that evade the EPP and whose criticality can be formidable.

Perfectly integrated into the TEHTRIS XDR Platform

When it comes to cybersecurity, orchestrating events and reacting to threats effectively and quickly is a fundamental challenge. One of the best ways to do this is with powerful automation and artificial intelligence. This is what TEHTRIS offers with its SOAR integrated into the TEHTRIS XDR Platform.

Greater effectiveness with TEHTRIS UES

TEHTRIS UES is the console that unifies and strengthens the effectiveness of the EDR, EPP and MTD solutions. Equipped with powerful, easy-to-use front-end tools, the UES console gives you greater capacity to act on cybersecurity, from temporary crisis operations to regular monitoring.

Compatible with all the operating systems in your IT fleet

Mac OS

Operating System | 32 bits | 64 bits
macOS Catalina Compatible
macOS High Sierra Compatible
macOS Mojave Compatible
macOS Sierra Compatible

Windows

Operating System | 32 bits | 64 bits
Windows 10 | Compatible | Compatible
Windows 7 | Compatible | Compatible
Windows 8 | Untested but designed for compatibility | Compatible
Windows Server 2003 | Compatible | Untested but designed for compatibility
Windows Server 2008 | Compatible | Compatible
Windows Server 2008 R2 | Compatible | Compatible
Windows Server 2012 | N/A | Compatible
Windows Server 2012 R2 | N/A | Compatible
Windows Server 2016 | N/A | Compatible
Windows Server 2019 | N/A | Compatible
Windows XP | Compatible | Untested but designed for compatibility

Linux

Operating System | 32 bits | 64 bits
CentOS Linux 5.11 Compatible
CentOS Linux 5.3 Compatible
CentOS Linux 6.9 Compatible
CentOS Linux 7.5 Compatible
Ubuntu Linux 14.04 Trusty Compatible
Ubuntu Linux 16.04 Xenial Compatible
Ubuntu Linux 18.04 Bionic Compatible
Ubuntu Linux 8.04 Hardy Compatible

MITRE ATT&CK compliance

MITRE ATT&CK is a knowledge base that models the behavior of a cyber attacker, reflecting the different phases of the attack life cycle across platforms: Windows, Mac, Linux, mobile, etc.

Discover the compatibility of TEHTRIS XDR Platform with MITRE ATT&CK

1 day to integrate TEHTRIS EDR

100 countries in which our technologies are deployed for incident detection and response

+20K EDR deployed in the cloud in less than 24 hours

Preserve the sovereignty and integrity of your data

Since 2010, TEHTRIS has been innovating and enriching its cyber defense solution through the various modules of the TEHTRIS XDR Platform.

Choose the European leader in cybersecurity!

* © 2020 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

** Gartner and Market Guide are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner Market Guide for Extended Detection and Response, Craig Lawson, Peter Firstbrook, Paul Webber, 8 November 2021
TEHTRIS recognized as a Representative Vendor in the 2021 Market Guide for Extended Detection and Response.

Gartner Innovation Insight for Unified Endpoint Security, Rob Smith, Dionisio Zumerle, 12 November 2020
Gartner Market Guide for Mobile Threat Defense, Dionisio Zumerle, Rob Smith, 29 March 2021
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Frequently Asked Questions

TEHTRIS EDR has several features to perform automated remediation, based on predefined parameters, which makes it possible to fight unknown threats effectively 24/7, without the risk of depending on a human team that may be missing elements.

TEHTRIS EDR can search for more than 11,000 CVE vulnerabilities, which lets you discover issues that are sometimes completely invisible, such as machines that are vulnerable because of an old Java engine, Adobe Reader, or Flash, forgotten or installed in «legacy» mode. You can deploy TEHTRIS EDR to audit your IT assets without consuming excessive resources, and thus ensure the compliance of your assets: patch management policy, risk aversion criteria, etc.

TEHTRIS EDR has several protections against ransomware: the blacklists in our CTI, which enrich the choices of the EDRs; application security policies that authorize only what you want; honeytoken-type concepts, with fake files that ransomware will want to destroy and so be detected (file-type computer lures); and many behavior-based mechanisms: attacks on certain points of the hard disk, etc.

TEHTRIS EDR has several ways to combat lateral attacks, including the ability to process local logs in the operating system to detect whether activity is being attempted remotely. This is a true local, tactical SIEM, capable of knowing whether a session is interactive or not, remote or not, so that attacks of this type can be tracked.

TEHTRIS EDR embeds an ultra-sophisticated analysis engine for PowerShell, capable of differentiating between a legitimate product and one that is not by analyzing the executed code on the fly, so as not to miss any of the many modern and stealthy attacks associated with it.

TEHTRIS EDR provides its own protection through layers that are directly installed in the Windows kernel, via a low-level driver, so that it cannot be uninstalled outside of an authorized centralized decision. It is not possible to remove the agent.

The analysis of malicious URL links with C&C lists, etc. is mainly conducted by the TEHTRIS EPP product. However, we can do targeted searches for these threats with TEHTRIS EDR in hunting mode.

TEHTRIS EDR continues to operate with its security policy already loaded when it goes offline. It then stores the events that it will report upon reconnection to its endpoint appliance. Of course, throughout this phase, the risk of intrusion without a network connection seems to be reduced, since TEHTRIS EDR can also contain USB attacks for example.

TEHTRIS EDR may call on the TEHTRIS Cyber Threat Intelligence module of the TEHTRIS XDR Platform to perform sandbox scans, offline antivirus scans, neural network engine scans, or malware knowledge base searches.

TEHTRIS has many elements related to artificial intelligence and automatisms associated with the cyberworld. In machine learning mode, TEHTRIS EDR learns all the executions in your infrastructure in order to detect anomalies, as well as the persistence points used by hackers to survive a reboot or reconnection. In deep learning mode, TEHTRIS EDR has a compact neural network-based engine that can tell if software is malicious or not. This engine is also used in TEHTRIS CTI. The latter is the first French product accepted by Google on its free service VirusTotal, where a public and non-commercial version is constantly running in search of unknown malware.

TEHTRIS EDR natively uploads at-risk files back to its infrastructure so that the payload can be detonated in a sandbox environment. Robots plan and control the execution, analyze the results, and return the right information back to the EDRs on their own, so they can make a decision.

To put it simply, EPP is the next-generation antivirus tool that protects the OS against known attacks. It is the real system shield. EDR solutions are used to detect unknown threats and handle security issues remotely with a range of incident response functions. TEHTRIS believes that EDR and EPP products will soon merge and become one tool through a necessary technological convergence. The existence of an EDR market was only necessary because they filled technical gaps on the EPP side. In a future that is already beginning, companies will choose one product, an endpoint protection solution, combining EDR and EPP features, to avoid agent issues. TEHTRIS EPP and TEHTRIS EDR are already available for this purpose.

We must choose the criteria that allow neutralization by software robots. It’s a risky action that some EDR solutions don’t want to offer for fear of breaking everything. Unfortunately, the day an unknown ransomware comes in, such products, which are only used for response and analysis, will only be able to say that they have understood why the company is being destroyed (not helpful at all). This is not our philosophy and we prefer to offer automatic neutralization, carefully and properly configured. Depending on the aspect of the unknown software, you will be able to decide whether to let it go or not: behavior, sandbox results, antivirus results, antivirus database results, etc.

For mobile devices, we offer another range of products, called Mobile Threat Defense, different from TEHTRIS EDR.

We collect metadata in a way that is compatible with the GDPR, and we will be able to discuss these elements with you if you wish.

If your EPP agents play at killing security software protecting your infrastructure, there might be a problem with the EPP settings or even the product. Currently, for all customers who do not have TEHTRIS EPP, and who have been using TEHTRIS EDR since 2014, we have encountered a total of zero conflict issues with other EPP brands.

A TEHTRIS EDR agent can be instructed so that its host only accepts outbound network flows to its management appliance, so that a SOC can quietly study the host without taking the risk of lateral movement or internal exploration.

TEHTRIS EDR runs on Linux, Apple macOS and Windows.

TEHTRIS EDR collects and analyzes security logs from workstations, providing a so-called tactical SIEM capability, in order to keep very interesting events for cybersecurity analysts.

TEHTRIS EDR uses less than 1% of the CPU on average, and less than 100 MB to 200 MB of RAM, depending on the settings you choose: loading the neural network in memory or not, etc.

TEHTRIS EDR supports obsolete Windows operating systems, such as Windows XP and Windows Server 2003, which we encounter very often, especially in industrial computing environments (EO, ICS, SCADA) that sometimes need to keep these systems for decades, factoring in the plant operation costs and the related specific equipment.

TEHTRIS EDR has been tested and deployed by some of our customers in industrial environments on Windows boxes that were not advertised by the manufacturers as supporting it. These customers could no longer imagine not having antivirus (not enough RAM, too old, etc.) or EDR (light and powerful but not officially supported by the OT manufacturer). So they made agreements with the manufacturers and conducted some tests on their own, with the help of TEHTRIS in the background. For example, we are in factories with equipment from different brands like Siemens (Simatic, Simotion, WinCC, TIA, etc.).

TEHTRIS EDR can prohibit the use of external storage, or even set it to read-only to prevent deliberate or inadvertent exfiltration. TEHTRIS logs all traces of connected USB devices to provide traceability regarding these threats.
